Creds not logged #13
Comments
I think you may have just found the bug I've been chasing but unable to replicate. Will take a look thanks.
…Sent from my phone
On 02 May 2017, at 2:18 PM, Lexus89 ***@***.***> wrote:
When performing an EAP dumb-down attack by asking for GTC, the plain text credentials do not appear in the log (also referenced #12). I set the ennode configuration to a log file. Perhaps not all methods are stored in logs?
hostapd.eap_user:
"t" PEAP,GTC,TTLS-MSCHAPV2,MSCHAPV2,MD5,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS "1234test" [2]
Hostapd log:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 02 0c 00 0b 01 68 61 63 6b 65 72
EAP-PEAP: received Phase 2: code=2 identifier=12 length=11
EAP-Identity: Peer identity - hexdump_ascii(len=6):
68 61 63 6b 65 72 hacker
MANA (EAP) : identity: hacker
...
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=15): 02 0e 00 0f 06 70 61 73 73 77 6f 72 64 30 31
EAP-PEAP: received Phase 2: code=2 identifier=14 length=15
EAP-GTC: Response - hexdump_ascii(len=10):
70 61 73 73 77 6f 72 64 30 31 password01
EAP-GTC: Done - Failure
EAP-PEAP: Phase2 method failed
EAP-PEAP: PHASE2_METHOD -> FAILURE_REQ
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 15
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=4): 04 0f 00 04
Hi, Regards
I believe it was by changing the order of methods in the hostapd.eap_user file.
Hi, Thanks for the reply, do you have an example file I can see? Regards
I log PAP plaintext, not GTC. Will add it. Thanks.
https://twitter.com/W00Tock/status/1019251419310972930 Edit file "hostapd-wpe.eap_user" (You can replace PEAP with FAST) PEAP [ver=1] By configuring the eap_user file, you can request from Apple and Android devices a GTC clear text password - which is shown in the debug console, but is currently not logged. Thanks Singe, thought this might help you find that bug...
Thanks everyone. I now log GTC, you can see the code at https://github.com/sensepost/hostapd-mana/blob/master/src/eap_server/eap_server.c#L2136
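The Phase 2 hexdumps in the log above can be decoded by hand: this added example (not code from hostapd-mana or from anyone in this thread) parses them as EAP packets and shows that an EAP-GTC response, Type 6 in RFC 3748, carries the password as plain Type-Data once the PEAP tunnel is terminated. The names `eap_pkt`, `eap_parse` and `eap_is_gtc_response` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* EAP codes and method types, RFC 3748. */
enum { EAP_RESPONSE = 2, EAP_SUCCESS = 3, EAP_FAILURE = 4, EAP_TYPE_GTC = 6 };
struct eap_pkt {
    unsigned code, id, len;
    int type;        /* -1: Success/Failure packets have no Type field */
    char data[256];  /* NUL-terminated copy of Type-Data */
};

/* Parse a hostapd-style hexdump as one EAP packet; 0 = ok, -1 = malformed. */
int eap_parse(const char *hex, struct eap_pkt *p)
{
    unsigned char b[260];
    unsigned v, n = 0;
    int used;
    while (n < sizeof(b) && sscanf(hex, "%2x%n", &v, &used) == 1) {
        b[n++] = (unsigned char)v;
        hex += used;
    }
    if (n < 4) return -1;                     /* 4-byte header */
    p->code = b[0]; p->id = b[1];
    p->len = (b[2] << 8) | b[3];              /* big-endian, includes header */
    p->type = -1; p->data[0] = '\0';
    if (p->len < 4 || p->len > n) return -1;  /* bogus or truncated length */
    if (p->code == EAP_SUCCESS || p->code == EAP_FAILURE) return 0;
    if (p->len < 5) return -1;                /* Request/Response need a Type */
    p->type = b[4];
    memcpy(p->data, b + 5, p->len - 5);
    p->data[p->len - 5] = '\0';
    return 0;
}

/* An EAP-GTC response carries the peer's password verbatim as Type-Data. */
int eap_is_gtc_response(const struct eap_pkt *p)
{
    return p->code == EAP_RESPONSE && p->type == EAP_TYPE_GTC;
}

int main(void)
{
    /* Phase 2 hexdumps copied from the hostapd log in this issue. */
    const char *dumps[] = { "02 0c 00 0b 01 68 61 63 6b 65 72",
        "02 0e 00 0f 06 70 61 73 73 77 6f 72 64 30 31", "04 0f 00 04" };
    struct eap_pkt p;
    for (int i = 0; i < 3; i++)
        if (eap_parse(dumps[i], &p) == 0)
            printf("type=%d gtc=%d data=\"%s\"\n", p.type, eap_is_gtc_response(&p), p.data);
    return 0;
}
```

On the supplicant side, the exposure depends on the client answering a GTC request from a server whose certificate it has not validated.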